Slashdot Mirror
Apple Outs Anti-Jailbreak Update
Stoobalou writes "Apple has issued an emergency update for devices running the iOS 4 mobile operating system. iOS 4.0.2 plugs the security hole exploited by the iPhone Dev Team to allow pain-free jailbreaking of the iPhone 4 and its manifold siblings as well as... actually, that's about it."
*insert joke about Mac users being gay here*
If jailbreakme can use that exploit then so can someone malicious. Imagine having your phone bricked because you viewed the wrong PDF on some website. The update is a very good thing.
I appreciate jailbreaking, but security is more important. What about older devices? Maybe McAfee or Symantec will have a solution.
There are a million of them. Why not buy one you don't have to jailbreak?
Bet it'd be cheaper too.
Now we're going to have to wait a week before another exploit is released publicly. Shucks.
...while the exploit is only used (that we know of) for the jailbreak at this point, it could potentially be used for much worse...to wait for the next more substantial update to patch the exploit would be careless on Apple's part.
If jailbreakme can use that exploit then so can someone malicious. Imagine having your phone bricked because you viewed the wrong PDF on some website. The update is a very good thing.
That's true. Although recently jailbreakme got some legal footing about the legality of jail-breaking a phone, the way they did it was an issue, so it's good that the hole was broken.
Another good example, not of bricking a phone, was shown on the UK tv news last night - of an example app on Android being able to record arbitrary audio after performing a similar hack.
So although this says it's anti-jailbreak, that's just secondary - it was one hell of a hole in the first place.
Java gaming nut - http://www.retep.org/ or for the rail http://uktra.in/
Exactly- phrased differently- "A vulnerability actively being exploited in the wild was patched".
Granted, some of those actively exploiting it were the owners of the devices... but hey. You seriously don't know if it was being exploited by others for financial gain. If they were that good, you'd never know. I'm all for patching the vuln.
"Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway" -Andrew Tanenbaum
As well as this not being a bad thing, why is this even news? We all knew that Apple would try to put a stop to it the moment we saw what Jailbreakme could do.
We have to go back to jailbreaking the old fashioned way with a computer and a USB cable - it'll take ten minutes rather than five now and require you to RTFM. And all because Apple wants to fix a gaping security hole. DAMN THEE DRACONIAN STEVE JOBS!!1!
catch (HumourFailureException e) { e.user.send("You, sir, are a humourless idiot."); }
I am curious as to how much longer we will go until the next security hole isn't used so benevolently.
Who's up for a virus that can't be removed by the user once it's in? How about a friendly bugger that takes advantage of your contact list? For that matter, let's bring back the old dialer viruses and have your phone call a 10$/minute hotline every night for an hour.
It'd be a small miracle if no other security issues have been found since the release of iOS 4. The fact that the jailbreak exploit is the only thing that's being fixed suggests that Apple values retaining control over their device higher than fixing other security issues.
Thirded. Usually I would say Apple was just trying to keep people from unlocking their phones...but I think that was just a symptom of the problem they were trying to fix here.
Living With a Nerd
Why buy a device that you cannot control? If I buy a device I expect to be root by default, not to have to jailbreak through some random PDF exploit. iPhone turns its users into digital serfs.
My little Linux and tech blog
Bricked? I thought you could just re-synch your phone and restore it.
Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
Apple has not released the fix for the iPod Touch 1G and the iPhone 2G, so the iPhone Dev Team themselves are working on a fix that will work on all devices. So you'll be able to basically jailbreak and then plug the hole that was used to do it.
Donate free food here
http://www.thinq.co.uk/2010/8/12/jailbreak-hackers-unleash-exploit-code/ Unless people update really soon, assorted malware could cut a swath through the iOS 4 user base.
for great justice
This is a massively publicized remote exploit. That is the most critical sort of security issue for an operating system. There is nothing strange about them prioritizing it.
Nerd rage is the funniest rage.
Indeed. And similarly, it was wrong that the original news of the exploit was publicised as a good thing (or, at worst, neutral), rather than being publicised as a major security hole (like you know they would have had it have been something like Internet Explorer).
Of course, it is a problem that you need to jailbreak an Iphone to enable basic functionality. But if the media has such a problem with that, maybe they could actually focus on that instead of praising Apple all the time, or conflating the issue with security exploits; or maybe give some coverage to the more popular platforms (Symbian, RIM, Android) that don't need to be jailbroken, instead of the overwhelming coverage of Apple all the time.
So this doesnt address the performance issues many ipod-touch/3g owners have been experiencing?
People, what a bunch of bastards
I still am amazed that Apple releases the iPhone code with simple, easy to discover passwords that are the same across every device. That is UNIX rule 101 - "protect root". Knowing the password means that if you can execute arbitrary code on the iPhone via any means, you can su to root and break out of the user space security protection. User priviledge controls have been the basis of UNIX security for as long as UNIX has been around (as it has been for most OSs to more or less a degree)
If the iPhone had random root passwords on each device, and used certificates to trust iTunes, the risk of a driveby attack doing permanent (ie surviving reboot) damage must be lower? Or have I missed something obvious here?
I wouldn't be jailbreaking my iPhone if there was a way to remove SIM lock. Right now Apple & AT&T has forced me into a situation where AT&T won't provide unlock code (asks to go some unlock shop and pay for the unlock) and Apple doesn't really care. Only option is to jailbreak to get blacksn0w running.
If Steve/government (in many countries in Europe it is mandated that after contract period unlock key is given) would force AT&T to provide unlock codes for everyone out of contract then most of the jailbreaking business would go away.
1. These sorts of exploits are found for every device all the time. This one was just famous because people used it to get root access to their own phone.
2. @comex et al are not immediately irresponsible and evil for exploiting and exposing a vulnerability. Isn't that what DEFCON and BlackHat devote entire conventions to?
3. If Apple just provided a safe way to get root access to your own device (like every other computer you've ever purchased) people wouldn't have to resort to using security holes.
4. With the the 2G iPhone and iPod Touch now unpatched by Apple, the only way to secure them is to jailbreak them and install the Cydia patch that is now available. Ironic.
It's amazing that slashdot can spin this as anything other than a good thing. Bottom line – the phone had a serious security vulnerability that allowed people to brick/use the phone for various nefarious tasks. Apple fixed it, spinning this as anything other than an important bug fix is downright irresponsible.
This exploit is the least of their problems ... http://www.sbsfaq.com/?p=2165
Of course, it is a problem that you need to jailbreak an Iphone to enable basic functionality. But if the media has such a problem with that, maybe they could actually focus on that instead of praising Apple all the time
They're afraid of being modded down.
Living With a Nerd
I thought android phones needed to be "rooted". Double standard much?
Be fair - its "advanced" functionality that comes with a modest but non-zero set of additional responsibilities for the user, along with a moderate amount of additional power. If it was truly "basic functionality" then there wouldn't be many millions of people quite successfully and happily using their devices without it.
You're special forces then? That's great! I just love your olympics!
And yet the activesync lock-up remains....
> 2010: The Year of the Linux Phone
It is! Android and others!
In modern parlance, "bricked" means "mildly inconvenienced for about 30 minutes" rather than "made completely inoperable to the point where the hardware is now about as useful as a standard brick" and "zero day" means "sometime within the next 5 years after the actual software was released in the first place."
Where is the "Obvious" mod thing when you need it? I think it was pretty clear and obvious that any exploit that originates from outside needs to be patched and fast. That was the first thing I thought when the jailbreak web page was announced.
Here's what gets me though -- it really took a frightening amount of time for that one to get patched and released. I expected a week or less and it was longer than expected. But I have to say that this puts Apple's OS at least on par with Windows and, quite frankly, I suspect it is far worse.
article title should be fixed to "Apple sends out update to fix PDF Vulnerability" ;)
Some Android phones. And if you have a dev bootloader (ie. the folks you bought your phone from aren't assholes), there aren't any security exploits involved in the process anywhere.
Also, the set of things you can do on an Android phone without root is substantially larger than the set of things you can do on a non-jailbroken iPhone (replacing the built-in apps, for instance).
androids don't "need" to be rooted unless your particular phone company disables functionality that you want to use. The most relevant example of this is tethering, most phone companies will only enable it after you agree to pay $xx/month more for the privilege to use functionality your phone has native support for.
That said, I've never owned an iPhone so I don't know what you gain by jailbreaking it.
Doesn't this update just patch the PDF exploit and not the other methodologies used by Dev-Team to jailbreak? And wasn't the PDF exploit developed by someone not on the Dev-Team? I'll gladly stand corrected if this is not true, but I thought I read this somewhere.
My mom always said, "Jim, you're 1 in a million." Given the current population, there are 7000 of me. God help us all!
Android phones only need to be rooted if you're doing something that requires root access - for everything else running unsigned (i.e. third party, non-market) apps is simply a matter of unchecking a box in the settings, so no, it's not quite the same thing (as you'd know if you had ever tried to send an MP3 via bluetooth from an Android phone to an iPhone, for instance - they both have this ability but only one allows you to do it without rooting the device).
article title should be fixed to "Apple sends out update to fix PDF Vulnerability" ;)
No, see, Apple users are all gay!
Which is funny, for some reason, because sexual orientations are funny. So...outing.... ...gay.... ...funny mod please?
The jailbreak community had a great workaround that takes most of the fear out of exploit and Apple didn't incorporate it in their fix. There is a jailbreak application that prompts the user before downloading any PDF via the Safari browser, meaning that you have to allow the browser to download any exploit. This plugs the biggest hole in that a rogue PDF could be loaded via a Javascript onLoad() script on the page.
"Of course, it is a problem that you need to jailbreak an Iphone to enable basic functionality."
If you think jailbreaking is necessary to enable "basic functionality" on an iPhone, I'd love to see what your definition of basic functionality is. I think you meant to write "advanced and technical functionality that relatively few people really need [want]." While I don't have an iPhone, I have an iPod Touch that I use constantly for school, work, and fun. After jailbreaking it to see what the hype was about, I quickly reverted to normal because for me jailbreaking interfered with the functionality of my iPod. Frankly, many (not all) people jailbreak for access to pirated apps. I know that's stereotyping a bit but it is the case for many people.
Indeed. And similarly, it was wrong that the original news of the exploit was publicised as a good thing (or, at worst, neutral), rather than being publicised as a major security hole (like you know they would have had it have been something like Internet Explorer).
This is Apple news, it's always a cause for whining. Jailbreak ? OMG HAX, it's the end the world! Security update ? OMG, evil Apple want to stop users taking control of their device.
Of course, it is a problem that you need to jailbreak an Iphone to enable basic functionality.
This is bullshit, basic functionality ? You gain the ability to run unsigned, unapproved software. A locked iPhone will do the same as any locked smartphone.
But if the media has such a problem with that, maybe they could actually focus on that instead of praising Apple all the time, or conflating the issue with security exploits
The media praise Apple all the time ? This is bullshit on the same order as the "liberal media." It's confirmation bias: you get annoyed by stories that you perceive as pro-Apple and consequently see them everywhere.
or maybe give some coverage to the more popular platforms (Symbian, RIM, Android) that don't need to be jailbroken, instead of the overwhelming coverage of Apple all the time.
Don't know about the others but Android phones need to be jailbroken to gain full control, they just call it being "rooted". In fact Google recently pulled an app that would root your phone from their store (oh the irony!).
Android phones get plenty of coverage btw, they just don't specifically talk about the OS as much which you would expect it being a phone.
If all else fails, immortality can always be assured by spectacular error.
Apple,
4.0.1 is far from perfect - how about addressing a few of the following bugs before worrying about jailbreakers:
- Poor Bluetooth compatibility. Accessories that worked under iOS3 are flaky (or do not work at all) in iOS4. Lots of BT functions are broken - phone book transfer - switching between audio and handsfree results in no audio, frequent BT disconnects...etc.
- Occasionally upgrades to 4.0.1 result in poor battery life and excessive operating heat from the device (I have seen this on at least 5 phones). Wiping the device and restoring the phone fixes the issue (in every case so far) - so it's an upgrade problem
- Pathetic performance on the 3G model. Either make the performance better or exclude the device from further upgrades.
- Poor radio performance. I have heard a few complaints from my users that cellular radio performance is worse after the iOS4 upgrade. Phones frequently fail-over to Edge when 3G is available on other devices.
Trading a stable phone for multitasking was not what we wanted when our users upgraded to iOS4.
-ted
A file browser, the ability to share files via bluetooth or to install whatever software you want are pretty basic these days, computers and even phones have had such functionality for many years (I had a mid-range phone back in 2004/5 that could do all this). People compromise on form over function all the time (that's why supercars lack a lot of the basic amenities of the family run-around, or stiletto heels are cripplingly bad for women to walk on, but people buy them anyway) - it doesn't mean they wouldn't like the function too, given the chance.
If you're already jail broken (perhaps using the PDF Notifier app to give you at least the semblance of protection from this hole) there is no need to give up your jailbreak. Saurik has now released a patch that fixes the PDF vulnerability on Cydia. So have your jailbreak and be safe from rogue PDF files.
What basic functionality?
Tethering? The phone already does that, without jailbreaking. Installing non-app store apps? I wouldn't call that basic - the phone is just not designed and promoted to work that way (ie, if you want to do other things with it, you're moving away from 'basic' and into 'unsupported, potentially advanced' functions).
The biggest reason I've seen for jailbreaking my phone (although I haven't done so) is to enable use of the phone as an AP, rather than having to tether to my Powerbook and then share my wifit that way, but the number of times I've needed to share my connection when there's been nothing but 3G access is limited. Either way, that's hardly basic functionality.
I guess VoIP is verging on basic, but there are apps that work over wifi - the 3G restrictions are carrier based.
I agree that this exploit has been spun the wrong way - as a positive thing to enable easy jailbreaking. Any security hole is never a positive thing, regardless of the beneficial things you can do with it. I'm glad it has been addressed, although I am hoping it will also be fixed for users of 2G and 3G iPhones who haven;t upgraded to iOS4.
Jailbroken iPhones can patch the vulnerability by installing PDF Patch (CVE-2010-1797) that was released by saurik this morning.
Although recently jailbreakme got some legal footing about the legality of jail-breaking a phone, the way they did it was an issue, so it's good that the hole was broken.
Was jailbreaking a phone ever prosecuted as an illegal act? I think that ruling by the LoC is a bit overrated.
-mkb
The exploit didn't originate from outside, the exploit is a flaw in the OS - unless you just mean an exploit in the OS which was actively being targetted by users from outside (it's worth clarifying as there was a lot of assumption in the beginning that this was somehow Adobe's fault since it was the PDF renderer).
the hole plugged that stops some jailbreak from working could be exploited via malicious guys on the net to own your device via a hosted PDF. which isn't cool.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
But if the media has such a problem with that, maybe they could actually focus on that instead of praising Apple all the time, or conflating the issue with security exploits; or maybe give some coverage to the more popular platforms (Symbian, RIM, Android) that don't need to be jailbroken, instead of the overwhelming coverage of Apple all the time.
With the exception of right wing political media that get together for weekly talking points, "The Media" doesn't collude together for a common focus. Most reporters know next-to-nothing about the beat they cover unless it is a personal passion, and expecting them to dig deep is incredibly naive, especially in a time like today when a skeleton crew covers virtually everything.
You have people like Engadget saying "hooray, we can root our iPhones!" and you have people like CNet saying "iPhones are hot shit!", and then you have every tiny tech beat for every newspaper in the country creating stories from that and the massive wave of popularity Apple has garnered. I'd love to see more non-specialty reporting on the history of locking down devices, but you'll have to wait for someone like Wired (who, despite their flaws, is a news hybrid) to try to cross that bridge first.
for a small bribe of an ox and six chickens, you too can cause a multi-billion dollar company's stock to blip down and make a killing in the market!
That has something to say about our society's priorities, and I don't think any of it is good.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
You do realize that the iPhone does tethering, but AT&T charges $20 to enable it? That is a carrier restriction, not an Apple restriction.
Imagine having your phone bricked because you viewed the wrong PDF on some website.
Imagine a world where you don't have to break into your own device.
I'm not saying that it was not more of a good thing than a bad thing - but I AM going to say that the security vulnerability solved a problem for a lot of people. It may have also opened a door to malicious code, but that doesn't negate the idea that being able to install the code -you- want on your phone is good.
:)
Next, I expect to see root kits that patch their own back doors.
A rooted Android phone is almost always still decently secure, and usually the rooting process involves something with adb, something a Dalvik VM app will be hard pressed to get unless it asks for permissions.
Say a piece of malware gets downloaded from Google's Marketplace. The su app pops up asking, "hey, the Vomitron Toaster app wants root privs?" Anyone with a clue is going to tick "no" and "remember this decision". In a couple hours after the app gets flagged, Google fires off the kill switch and the app gets zapped from the store and phones.
Rooting gives one more functionality, but it doesn't significantly add functionality to a device like an IOS JB does.
Here is the funny thing. If I want a command line shell to do stuff on a phone, Android is easy -- download a terminal app. The iPhone, I need to do the following:
1: JB the device. /etc/sshd/sshd_config to only allow access via RSA key, and disallow root access.
2: Hunt down "MobileTerminal 426", the Debian package.
3: Get on a wireless network.
4: Enable OpenSSH.
5: ssh into phone, change root and mobile password to something respectable (20+ characters.)
6: scp the Debian package and install it.
7: Install sudo from Cydia and configure it so I don't need to type in the insanely long password when I want root access.
8: Edit
9: Make sure the sshd is turned off in SBSettings unless it is needed. It will turn back on after a reboot.
All this so I can have full command line access to my iPhone and a method of copying files to and from the filesystem without restriction. The reason why I do the gymnastics with sshd as opposed to uninstalling it is so I can sftp in.
To boot, the only command line terminal app [1] that works on the iPhone (the Terminal app in Cydia is not iOS4 compatible and crashes on startup) doesn't seem to have the ability to do control keys other than control-C. Of course, I wonder if I can just use a normal app and ssh to loopback, but so far, that hasn't worked unless the device is on a Wi-Fi network.
Personally, if someone can make a good terminal emulator and put it on Cydia, I'd pay $5-$10 for it. Especially if it has an easy mechanism for doing control and meta keys, so if I feel insane enough to run emacs, I can.
[1]: A true terminal app that uses a shell and such. There are apps for ssh and such, but those don't have access to the whole phone's filesystem, and I doubt they would get approved if they had the ability to do so.
Hey, did you know you can backup your Kindle downloads to your computer? YES REALLY. Every fricken time.
A Google search for kindle backup 1984 brought up this page, which claims that even after you have restored a backup, if Amazon has removed a book for alleged copyright infringement, it may delete the copy that you just restored the moment you turn wireless back on.
Is it actually doing something malicious or just displaying a message?
Track your TV Shows with your iPhone - FREE
Even back in the linux router modding days, "brick" was starting to lose its meaning. Someone announced a "de-bricking" technique and it started a whole debate on what "bricked" really meant.
"He's not dead. He's mostly dead!"
In modern parlance, "bricked" means "mildly inconvenienced for about 30 minutes" rather than "made completely inoperable to the point where the hardware is now about as useful as a standard brick" and "zero day" means "sometime within the next 5 years after the actual software was released in the first place."
Well, hell hath no fury like a geek who's been mildly inconvenienced.
Track your TV Shows with your iPhone - FREE
N900.
On May 15, 2010, I visited a Best Buy store, a RadioShack store, and a T-Mobile store in my home town. None of the three stores had this Nokia handset in stock. Google nokia n900 fort wayne indiana didn't appear to turn up anything either. Nor have I seen it advertised in print or on television anywhere near the extent that iPhone has been.
I just wish that Apple would put a mechanism in similar to what Android has in place where apps can go validate they are licensed to run on the device, and if not, don't run, or point the user to the App Store to buy a licensed copy. This way, the security of apps won't be reliant on keeping users from JB-ing their devices.
With Google's new API to check if an app is licensed, pirates have to hack each app, one by one, in order to get them working on unauthorized phones. Maybe Apple can follow suit, so people who like a "#" sign prompt on their phone can have it, but the pirates will be fighting an uphill battle.
Some Android phones. And if you have a dev bootloader (ie. the folks you bought your phone from aren't assholes), there aren't any security exploits involved in the process anywhere.
Also, the set of things you can do on an Android phone without root is substantially larger than the set of things you can do on a non-jailbroken iPhone (replacing the built-in apps, for instance).
- Even Google's own Nexus One needs to be rooted.
- Replacing the bootloader similarly isn't easy to begin with and not getting any easier either : "DroidX bootloader locked tight." And it will only get worse now Google itself is out of the handset game.
- The most popular Android phones come with undeletable crapware.
I want to like Android, I really do, but it doesn't help that most of the things people say about it are half-truths at best.
If all else fails, immortality can always be assured by spectacular error.
Back in the jail with y'all !
Imagine having your phone bricked because you viewed the wrong PDF on some website.
Imagine a world where you don't have to break into your own device.
Imagine what would happen if everyone who didn't like the way random corporations treated their customers voted with their feet. It's not as if there aren't any alternatives. I for one don't own a single Apple product and I get by in life with no trouble.
I guess VoIP is verging on basic, but there are apps that work over wifi - the 3G restrictions are carrier based.
Skype now works over 3G.
If all else fails, immortality can always be assured by spectacular error.
Even back in the linux router modding days, "brick" was starting to lose its meaning. Someone announced a "de-bricking" technique and it started a whole debate on what "bricked" really meant.
I therefore propose new terminology: "turd" is when you can't fix it with JTAG or similar. You can still build houses out of turds, but it takes a lot more talent and dedication.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
What I have a problem with is that I own a 1st gen iPod touch; bought just a couple weeks before the gen 2's came out, so it's just under 2 years old. I cannot install iOS4, so I cannot install this patch. In essence, I have a device that works perfectly fine, but that has a gapping security hole in it that Apple refuses to patch. Why should I run out and buy another $300 device when the one I have now works perfectly fine? I'm really pissed right now. I also have 2 MacBook Pro's, and an iPad. Is Apple going to abandon them after 2 years? Probably. It's really aggravating how Apple is the "most environmentally concerned" electronics/computer company, yet they want me to throw away my perfectly functional device and buy a new one. Sure, I have the option to run Opera (it warns when downloading a PDF), jailbreak it and install the patch (which is what I'll probably end up doing) or just use it as a *gasp* iPod, but the point is I shouldn't have to. I don't want or need the other crap that comes with iOS4. I just want the damn security patch.
I would rather have seen a court ruling banning the prevention of jailbreak-type behavior, not just for phones, but for all consumer devices (game consoles, handheld items like e-book readers, etc).
The custom firmware setups for the PSP, for instance, are leaps and bounds ahead of the "official" firmware function-wise. PDF and image reader functions, improved video playback formats that the PSP firmware doesn't have (and in smaller space too), the ability to independently control the processor speed yourself rather than relying on sony's bitch firmware - at one point one CFW developer actually had a "save state" function that could enable completely shutting down the device (for improved battery life) and saving the system RAM to memory stick for resumption of an in-process game later.
"DRM" and "Protection" are bullshit.
I just won't update. Thanks to sauriks patch I can have my pie and eat it too. I like your phone, but seriously. F you apple.
Way to circumcise my freedom that was ruled in court Apple...
For one Bluetooth file transfer such as taking an picture and transferring to another phone (not all phones have email).
Another example, you may have 8Gig, 16Gig, 32Gig but can't use it without iTunes.
Contact Syncing requires iTunes. You may need to sync with systems which do not have iTunes. You are limited to the number of systems you can sync iTunes to.
Basic functionality which I had with all my previous phones and most where not even smart phones.
If this exploit is so dangerous, why did Apple not fix the flaw in older devices?
Seriously? Now I'm feeling old. I still thought it meant that.
They did, they released a patch for iOS 3 and 4, which between them cover all iPhone versions. (iOS 3 for iPhone 2Gs, and iOS 4 for all others)
spinning this as anything other than an important bug fix is downright irresponsible.
You must be new here.
-nd
I'd like to change the notification sounds on my iphone. The problem is there is no way to do that without jailbreaking. I'm sure there are more than a few people who would like that functionality.
Well, hell hath no fury like a geek who's been mildly inconvenienced.
It saddens me how truthful your comment is.
Once, the author of a webcomic I read posted the day's comic a few hours late. When the comic eventually was posted he also posted a pissed off message saying he had received literally hundreds of emails from angry people, many of whom were threatening to sue for not posting the comic as scheduled. Apparently waiting a few hours for 30 seconds of free entertainment ruined their day.
They say a little knowledge is a dangerous thing, but it's not one half so bad as a lot of ignorance. - Terry Pratchett
So now "outs" means "issues" as well as "exposes"?
I hate verbing.
When I accidentally left my iPod Nano in the pouch of my UnderArmour hoodie when I sent it through the wash over the weekend and now it won't turn on at all -- that's bricked. If I could re-flash it and fix it, then it wouldn't really be bricked, would it? But apparently kids these days can't tell the difference.
Not likely, I have had a iphone for a few years now and it does everything I need it to do and more. I am a developer, I love the battery life and performance of my device as well as it's usage of native code to write fast and efficient applications.
Got Code?
"Rooting" the Nexus One involves downloading a utility from Google's own website and running some well-documented commands. I'm just saying.
It is a shame that the other vendors don't make it that easy.
The main article states that iOS4 is updated. That is incorrect.
iOS 3x, or more correctly "iPhone OS 3" has also been updated in order to remove the flaw from iPads.
- Jesper
My security clearance is so high I have to kill myself if I remember I have it...
Another good example, not of bricking a phone, was shown on the UK tv news last night - of an example app on Android being able to record arbitrary audio after performing a similar hack.
citation please.
i ask because i really doubt it was a similar hack. most of these so-called android trojans and viruses rely on 1) getting a user to install a non-market app for which they need to have explicitly allowed in their settings and 2) granting the app permissions to do malicious things.
"many (not all) people jailbreak for access to pirated apps" -- on what do you base that conclusion. It's not like the Cydia store offers pirated apps. I think most people jailbreak their iPhones to get useful apps that Apple will not approve for the Apple store. In most cases Apple doesn't approve these apps because they compete with an Apple product or take away from the gouging...er...I mean revenue desires of Apple or AT&T Wireless.
Two examples of this which apply to why I jailbreak my iPhone: Google Voice and data tethering. Apple wouldn't approve the Google Voice for the Apple Store. Apple/ATTWS only started offering data tethering with iOS 4.0...and you have to pay ATTWS an extra $20 a month (charing you a monthly fee to use data you're already paying for). Not only that, you have to get rid of your unlimited data plan and get a tiered data plan.
A jailbroken iPhone has allowed me to tether my iPhone and/or use it for a mobile hot spot using my current iPhone's unlimited plan w/o having to pay ATTWS an extra $240/year for the privilege of using my own data.
if you disable most of the smart search functionality, it speeds up considerably, but is still not as fast as the 3.0 OS.
Bring back the old version of slashdot.
I disagree. The iPhone is HUGELY popular, so you've got a very large audience interested in a jailbreak for the latest versions of its operating system. It's certainly good/positive news when that ability is made available to users. Unfortunately, the METHOD used highlighted a security flaw that put all iPhone users at risk of Internet-based attacks.
As for "needing to jailbreak an iPhone to enable basic functionality"? That's a stretch, don't you think? Just how do you define "basic functionality" of a smartphone? I'd think it would mean such things as the ability to make and take both local and long distance calls on it, to use the included camera to take and save photographs, and for the music player to function properly, downloading, saving, and properly playing music files. All of this works just as advertised on one. You've got the ability to download many, many free applications or games, and purchase many many more. Again, no jailbreaking required.
The things people want to jailbreak the phone for are really NOT basic functionality at all. They include such things as running "Installous", an installer that aids in locating and installing pirated/cracked applications so you can cheat developers out of the money they're asking for their apps. Oh, and apps like "MyWi" which enable tethering without paying AT&T extra to do it legally. (I'm not passing judgment here on if that's "right" or "wrong". I'm just pointing out, these aren't really defined anywhere as basic features required to use the device....)
The media does a lot of praising of Apple because they get how their products appeal to the masses. Sometimes, technology "power users" dislike what Apple has done, because they feel too many things are "dumbed down" or choices made for them. But that's EXACTLY what makes their products stand out as superior to everyone else. Most people just want to take part in using a given technology, without having to become an expert on it just to make it useful for them. The iPod took the world by storm not because it offered the most features of any portable music player, but because it simplified everything down to the bare essentials. You could teach your grandma to get around a music playlist and adjust iPod settings with the big scroll wheel in the middle of it. By contrast, grandma was NOT interested in some player with 50 small buttons and multi-layered complex menus letting you adjust arcane details or even clicking through multi-band equalizer settings.
What's the difference between needing to jailbreak the iPhone and rooting an Android phone to remove crapware that the carriers install or to allow side loading (AT&T Android phones),etc?
That is a carrier restriction, not an Apple restriction.
My understanding is that the iphone (unlike other more basic phones) initially didn't allow tethering at all and now only allows it if the carrier specifically enables it.
So depending on where you are and what carrier you use the ipone tethering situation ranges from something the network can charge extra for to shit out of luck.
note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
Labeling this flamebait implies that he is insulting people by calling them gay. Thus everyone who has down-modded it sees the concept of being gay as something negative. Clearly this was meant as a joke and to take it as an insult means you are bringing your own beliefs about the negative connotation of being gay into the modding process.
Please mods leave your bigotry out of the modding process. People can be gay and still be normal people.
I thought android phones needed to be "rooted". Double standard much?
the main reason for jail breaking an iphone is to allow installation of non-app store apps. you can and have always been able to do that on any stock android device.
now that tethering is available in the OS (or via the debugging port) there's really no reason to root your android phone. here are the to possible reasons though just to represent the other side of the issue,
1) there are a few functions, such as taking a screen capture that do require root. maybe someone can chime in with other possible uses.
2) if you have an older device where the manufacturer isn't providing updates, you need to root before installing custom ROMs
A "Score 3: interesting" is the confirmation that slashdot mod system is completely broken.
THis is the one thing that at least has me tempted to jailbreak my iPhone.
Beyond that...there's nothing on the "Unapproved App Store" that I remotely give a shit about. But thats just me.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Actually it ranges from "free of charge" to "shit out of luck": my carrier enables it for every iPhone on their network.
No kidding!!! What do you say at this point?
Dell sells them online. I am sure the will ship to Fort Wayne.
Handheld devices are generally things that a buyer wants to hold in his hand before whipping out the credit card. Because neither any local store nor any of my AFK friends has an N900 for me to try, I don't know whether I would find its ergonomics usable. According to Dell's terms of sale, Dell charges a 15% restocking fee if I buy a product, find it unusable for any reason other than a defect, and return it. I will still be out of pocket the restocking fee, shipping, and return shipping.
You do realize that the iPhone does tethering, but AT&T charges $20 to enable it? That is a carrier restriction, not an Apple restriction.
And there are provisions in the contract between Apple and AT&T which would allow AT&T to do things like this which would reduce the total number of iPhones sold but be very good for AT&T. How much additional money do you think Apple got (or gets) by agreeing to this? They are partners in a business venture, not strangers.
You don't need iTunes to sync contacts. There are third party sync apps that sync your music, photos, contacts, calendars etc without the use of iTunes.
Bluetooth file transfer, I did forget that. Going via the usb cable to get images off is a little restrictive sometimes, but hardly a reason to jailbreak unless you are constantly sending files that way.
Installing programs not approved by apple? Sounds pretty basic to me.
That's one of the funniest things I've read here. I'm getting image of 100 Peter Parker type guys working themselves up into a minor tizzy.
The subject who is truly loyal to the Chief Magistrate will neither advise nor submit to arbitrary measures (Junius)
Just file this under "CmdrTaco Hates Apple." In fact, I propose that as a new hash tag.
But then I realized the cable was blue, so I only gave it one star. I hate blue.
No, it's only a confirmation that at least one moderator has been huffing a bit too heavy on the crack pipe today. Usually, there are at least five of them.
The harder Apple fights to lock the phones the more it will push developers and power users to Android.
i would guess they don't care. the problem with allowing easy root access to the phone is that it would make the phone less secure (for users that don't understand, which is a lot of iphone users), less stable, and most important: harder to support.
that's always been true on desktops. give users root, or the equivalent on windows, and they install all sorts of nasty software and muck around in places where they shouldn't. it's a sysadmin's nightmare. i remember a user many years ago that had his /usr/bin folder *magically* disappear.
the cost of supporting some number of rooted devices is greater than letting the few power users that absolutely must have root go to some other platform.
I'd mod this as +1 insightful. The force of "scratch an itch" that drives open source development is the principle of "hell hath no fury like a geek who's been mildly inconvenienced."
I have found a few reasons for jailbreaking - and I used Jailbreakme to break it. The first is backgrounding Apps. Apple, in their "brilliance", decided to limit this to just the iPhone 3GS and the iPhone 4. I can now run Pandora in background on my iPhone 3G. Second are things that add or compete with Apple apps. Being able to download files in Safari is a huge thing. So are running ports of VLC that allow me to play files other than in the crazy resolution and .h264 that Apple requires - i can now play MPEGs as well as a few other formats. Another app I have lets me download youtube videos. Sure, I can fire up my PC, use firefox and flashgot, pull the videos, run them MediaCoder or Adobe Meida Encoder, import them into iTunes then sync my iPhone, but this is way more convienent.
This is a massively publicized remote exploit. That is the most critical sort of security issue for an operating system. There is nothing strange about them prioritizing it.
The problem is that they haven't patched the real security issue: the one that makes exploits desirable for users of an iphone.
Make it so that owners don't have to jailbreak their phones in order to run whatever they might want to. Once they do that, these vulnerabilities will no longer have a beneficial side to them.
How about this: the iPhone is, among other things, a computer, and a basic functionality of a computer is flexible programmability. :-)
So what you are saying is that Apple should leave the hole allowing a PDF to do remote code execution (which no PDF reader should allow), then they should harass all users every time they download a PDF to tell them it might have the ability to own their device (since they decided to leave the huge security hole) and all this just so that people who want to jailbreak their phones don't have to plug them into a computer via USB? You were kidding, right?
WHAT? The real security issue is that a website could own your device. Who cares that jailbreakers were using this to do something they wanted to do to their own devices, it could just as easily have been malicious.
You said: Once they do that, these vulnerabilities will no longer have a beneficial side to them.
I'm sorry, but what the heck are you talking about? I can think of a ton of vulnerabilities that would have a "beneficial" side to them. Say, for instance, a website were to install a key logger and capture all your passwords, or credit card numbers, or whatever... This vulnerability is far worse than simply allowing people to jailbreak their phones. It gives some other entity remote code execution to your device and that is pretty much the worst sort of vulnerability and Apple is right to patch it as quickly as possible. Period.
Even Google's own Nexus One needs to be rooted
It doesn't "need" to be rooted. You "can" root it. The deal is the fact that you can root to enable extra functionality that most people wouldn't care about. Such as replacing the kernel, overclocking, using a terminal to directly access the OS internals. Most reasons to jailbreak an iPhone can be done on an Android phone without ever having to root it.
Replacing the bootloader similarly isn't easy to begin with and not getting any easier either : "DroidX bootloader locked tight [droiddog.com]." And it will only get worse now Google itself is out of the handset game.
As GP said, it depends on the phone. Some phones, like the original Droid, are very easy to root. Download the official motorola program to flash it, download the .sbf file, run said program with said file. Then install superuser. As for the Droid X, how bout A One-Click Root?
The most popular Android phones come with undeletable crapware
This is unfortunate and sucks horribly. Only root would allow you to delete the crapware, which is making me clambor to hope that a better, non-screwed, android phone will emerge before it is time for me to upgrade.
As far as half-truths, the same could be said of the iPhone, and nearly every electronic device. Many people will speak highly using half-truths to make something sounds great, others will do the opposite, lying through their teeth to make something sound horrible. Research and figure out for yourself, go with what works for you. So far it seems the problem is not Android, the problem is the manufacturers using it (Moto locking the bootloader, Moto and HTC loading crapware onto the phones, the carriers preventing the crapware from being deletable, etc.)
So, where does it say that this is a basic function of the phone? It is very clearly designed to *not* work that way.
If you want to install non-vetted software, the iPhone is not the phone for you, unless you want to jailbreak it - ie, it;s not missing a basic function; it was never designed to have it in the first place.
it looks like that is a problem with Exchange, and has nothing to do with the iphone (other than the person who actually took screenshots of the Flash SMS uses an iphone, not surprising given most phones have no way to take screenshots :)
Apple's attitude is that "it's not enough to be good, you have to look good doing it." MS's attitude is "it's like your old comfy jeans. You're never going to throw them away." *nix's attitude is "BIKE SHORTS MOTHERFUCKER RTFM".
Let's be fabulous and make 2011 the year of the Linux desktop -- while we're still using desktops, FFS.
Perfect! Best description I've seen recently...
"Going to war without the French is like going deer hunting without your accordion." ~General Norman Schwarzkopf
I'm hostile enough to the lock down that I wouldn't buy a phone with it, so to me the fact that there are major security holes on the phone just means that there are major security holes.
Nerd rage is the funniest rage.
Android is not a more popular platform. Neither Gartner, Canalys, Comscore nor Admob put Android anywhere near iOS in market share. Only NPD do. The most obvious of NPDs failings is they only cover the US market.
http://en.wikipedia.org/wiki/Usage_share_of_operating_systems
I just tell people that when the iPhone 5 comes out and it sits there without a single working exploit just like the PS3 has not been cracked in 5 years, you can thank the app pirates for that. Already, the iOS4 JB is a userland JB which it limited in scope. The iBoot functionality is still not yet affected.
Thank you app pirates. You have made all Android devices currently in production in the US unusable for firmware modders with signed bootloaders and other stuff. You keep forcing Apple to keep upping the bar for jailbreaking instead of letting people do what they want. You force Apple to spend money on this stuff when they could be spending it on newer toys.
Pardon my vulgarity, but fuck you, app pirates. You have almost completely killed the Android modding scene.
Or put another way: Audi sells most expensive consumer router, ever.
https://www.eff.org/https-everywhere
For those of you that are having download issues (I did with one device, but not with another... strangely), here are the iOS 4.0.2 direct download links:
iPhone 3G: http://appldnld.apple.com/iPhone4/061-8802.20100811.XcfpR/iPhone1,2_4.0.2_8A400_Restore.ipsw
iPhone 3GS: http://appldnld.apple.com/iPhone4/061-8805.20100811.Dcr4e/iPhone2,1_4.0.2_8A400_Restore.ipsw
iPhone 4: http://appldnld.apple.com/iPhone4/061-8807.20100811.3Edre/iPhone3,1_4.0.2_8A400_Restore.ipsw
iPod Touch 3G: http://appldnld.apple.com/iPhone4/061-8554.20100811.Bgt54/iPod3,1_4.0.2_8A400_Restore.ipsw
SOURCE: http://forum.gsmhosting.com/vbb/f456/iphone-4-0-2-direct-link-1070402/
When I accidentally left my iPod Nano in the pouch of my UnderArmour hoodie when I sent it through the wash over the weekend and now it won't turn on at all -- that's bricked.
It'll probably be fine. Put it in a ziplock bag with dry rice and as many of those dessecant packets as you can scrounge up and leave it for a few days. If you can open it up, do that and make sure it's all dry inside. I've done similar things with lots of electronic devices, and as long as you didn't blow any caps (unlikely with surface mount technology) and there is no hard drive, you're probably going to be OK. Had the same thing happen with an iPod Touch, and it turned out just fine.
by Mike Buddha -- Someday the mountain might get him, but the law never will.
In a language with half a million words, could you really not find an existing one that fits rather than clumsily converting a preposition into a verb?
For jailbreakers who want to be safe and keep their jailbreak, search for "PDF Loading Warner" in the Cydia store. It's a pop-up that will warn you if Safari is attempting to load a PDF, so you can cancel it if you're not expecting to be viewing a PDF.
For iPhone 2G and iPod Touch 1G users, there's no Apple-approved solution to the PDF exploit.
The jailbreak community is working on an actual PDF patch to fix the exploit. This could be the only solution for iPhone 2G/iPod Touch 1G users, to jailbreak their device and install the patch.
It's in test phase now, but you can get a copy: http://twitter.com/saurik/status/20958834996
--
#include <malloc.h>
free(your.mind);
One of the things the jaulbreak developers did, was to close the exploit before apple did, on more devices than apple did.
So, to close the exploit, you'd use the exploit to jailbreak your phone, and then patch it.
WHAT? The real security issue is that a website could own your device.
Relax. Take a deep breath. I'll wait. If you're ready now, I'll explain.
You said: Once they do that, these vulnerabilities will no longer have a beneficial side to them
I'm sorry, but what the heck are you talking about? I can think of a ton of vulnerabilities that would have a "beneficial" side to them. Say, for instance, a website were to install a key logger and capture all your passwords...
That was my fault for writing an ambiguous sentence. I should have said, "Once Apple gives control of the phone to the users, these vulnerabilities will no longer have a beneficial side to iPhone owners."
The exploits are a bad thing, I agree with you. However, since they currently have a legitimate use with a beneficial value to owners, there's an active incentive to keep phones unpatched and to delay updating when new firmware is released, because you're afraid updating it might disable your jailbreak. That is the greatest security issue there is: it encourages people to keep using phones with known exploits, and they do this on purpose, fully aware that there's an exploit, and fully aware that there's a fix for it.
No bird wants to live in a cage, even a very pretty one. No user wants to have a phone inside of a walled garden. The garden is nice, but what is over the wall? I want to see. I want to go there. Your fear is someone (bad) getting in. My fear is not being able to get out. There is a possibility that someone bad will do harm by coming in. Its certain that I won't be happy trapped inside and wanting to get out. Safety vs. freedom. I suppose it all depends on whether you don't mind living in a very safe Alcatraz. No bears can eat you in there. I would rather be in the woods with the bears. If I find one, I will avoid them. There are no babbling streams in Alcatraz. There are no flowers in Alcatraz. I can't roam for 200 miles in Alcatraz. Go ahead, give up your freedom for safety. I would prefer living slightly less safe, and slightly more free.
The main thing I wanted to do this for..was to get a good free terminal, so I could ssh into my boxes at home.
The first thing I installed was the MobileTerminal program under Feature Package. Whenever I try to run it..it promptly crashes.
Is there another terminal out there that works?
Also, I'm not finding a great deal of information about what all packages are out there, with good descriptions. The on Cydia...the descriptions if any are not terribly helpful.
Is there a good site out there that lists programs available for JB phone, with good descriptions...maybe even with a rating system for people to mark what works and doesn't?
I'm new to this...and having a hard time finding good solid info out there...
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
If jailbreakme can use that exploit then so can someone malicious. Imagine having your phone bricked because you viewed the wrong PDF on some website. The update is a very good thing.
Never mind the fact that OS X, WINDOWS and LINUX all suffered from the same exploit via Type 42 Fonts. Freetype was immediately updated. http://www.kb.cert.org/vuls/id/275247
I'm assuming you're on iOS 4.0.x. In that case, it is best right now to check on Saurik's twitter (http://twitter.com/saurik) as he is the developer of MobileTerminal. He currently has known bugs - including a nasty MobileSubstrate crash, sounds like what you're seeing - when running on iOS 3.2.x and 4.0.x. MobileTerminal last worked reliably on version 3.1 and earlier.
For the last time, PIN Number and ATM Machine are redundancies!
It's not a basic function because it never had it? How could the iphone lack basic functionality if you define basic functionality as what the iphone offers?
I know that's the goal you are going for but it is a pretty blatant fallacy you are using to get there.
Except, after you jailbreak, you can install a CVE patch to the PDF exploit via Cydia (the jailbreak version of the App store).
So my jailbroken 4.0.1 phone is more secure than your unbroken 4.0.1 phone.
You fail at basic English comprehension.
If jailbreaking the iPhone causes tethering to change from doesn't-work to work, then it's an Apple restriction.
citation please.
Welcome to Slashdot. We're discussing here. You might find that it's a different than, say, Wikipedia.
Advice: on VPS providers
That's one of the funniest things I've read here. I'm getting image of 100 Peter Parker type guys working themselves up into a minor tizzy.
Good God, let's not bring the Spiderman clone saga into this...
Advice: on VPS providers
Or just use something like Easy Root by UnstableApps.com. It roots your phone without needing adb or a computer at all. Of course, it uses an exploit to gain root priv's too :)
Unstable Apps: Our Android Apps Don't Suck
I agree with much of what you said, just 2 little points:
As GP said, it depends on the phone. Some phones, like the original Droid, are very easy to root. Download the official motorola program to flash it, download the .sbf file, run said program with said file. Then install superuser. As for the Droid X, how bout A One-Click Root?
I was talking about replacing or patching the bootloader not rooting there. The DroidX comes with some pretty heavy measures to prevent it, just like the iPhone does. The point was that the hardware is already locked down as tight as the iPhone, the software less so probably because the carriers aren't as specialized in hacking the OS.
So far it seems the problem is not Android, the problem is the manufacturers using it (Moto locking the bootloader, Moto and HTC loading crapware onto the phones, the carriers preventing the crapware from being deletable, etc.)
You can't separate the 2 though, there's no platonic ideal Android floating around only Android as it is used out in the real world. That's why I would have preferred Google kept making their own handsets (even if I wouldn't have bought one), at least they were more open in every sense.
If all else fails, immortality can always be assured by spectacular error.
The desiccant packets are a waste of time, but you can go buy some closet anti-moisturizing crystals at your local hardware store. I've used them for closet moisture removal before, the stuff is called Dri-Z-Air (among other names... but that's the brand I bought.) Put the crystals in a pie pan with a pie rack on top of it and the parts on top of that, put them in the aforementioned bag.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
There was a lot of fear talk, but as far as I could tell the gist was that people were getting SMS messages with "scary" wording in them. Whatever.
It did remind me of the SMS bug that Apple fixed a while back (for the record, they are far from alone in having an SMS bug) -- maybe someone has discovered a new bug in SMS? Possibly.
SMS is an afterthought as far as the telcos are concerned, and their only interest is in getting people to pay for it. Consequently there is not even the concept of security in it. SMS simply uses "dead space" in the "ping" messages sent by a tower to a phone. That's it.
I could, with only one registry key edit (granted, on the older ROMs,) tether.
To my stock smartphone. (Not stock any more, but hey.)
I could also tether to my previous stock smartphone, with the addition of one $30 program.
Oh, and I've got a smartphone that was even promoted as offering free tethering, out of the box, no additional software needed.
No monthly fee, no rooting/jailbreaking (because both already gave root) needed.
Want to know what the phones are?
An HTC Touch Pro (Windows Mobile 6.1,) a Palm Centro (Palm OS 5.4.9,) and a Kyocera QCP-6035 (Palm OS 3.5.2.)
Sorry about that... I think I was reading into your post what I wanted to read, since I had already read several posts above saying exactly what I thought you were saying. Doh. (Inserts foot in mouth =D).
Actually you're wrong, there's a large number of heterosexual people who engage in sexual acts with people of the same sex just for physical pleasure or a various number of other reasons. The accepted medical definition of gay is someone who feels an emotional attraction to someone of the same sex. If you're a straight man you can get off with another man, it's just the way human body works, falling in love with that man that's a totally different story.
Wow. You are really confused. If you have consensual homo sex then you are a homo. FULL STOP. The definition of gay is someone who is physically attracted to someone of the same sex you moron. Feelings have nothing to do with it. If you are a guy and you have had sex with another guy then you are a homo. Got it?
This seems awfully silly. I mean, if you dance, does that make you a "dancer"? Does that categorization immediately and irrevocably define you?
Some of what you say makes sense. If someone lives under the pretense of not being gay but engages in homosexual activities, their own claims about their orientation can be overridden by simple observation of fact. But I think one has to be careful of labels in general. Labeling people is not always a bad thing, the practice exists because it's useful. We can understand greater things by thinking of them in terms of broad concepts. But if someone chooses not to define themselves as "straight" or "gay" or "bi", why is it so important to you that they wind up in one of these categories?
And who was it who said "If you label me, you negate me"?
Bow-ties are cool.
Did anyone else find a bajillion grammatical errors in that article? Judging by his name, I'd assume that English is the author's primary language... that article is barely coherent.
yeah, maybe that person was just posting to satisfy their ego and weren't really trying to add anything useful to the conversation.
And another black mark on Adobe.
I wish Apple would have a list of problems they're working on fixes for, instead of just releasing a patch with convoluted details on what it does.
Example? How about they fix whatever they broke with their docking system when OS 4 was released? os4 will not work via USB cable with Ford Sync thanks to Apple's update. The indexing feature fails and disables the car's USB port. While I think Ford shares some of this blame, Ford has stated it's Apple's problem to fix, but they've been silent as far as whether they're going to do so. Instead of pointing the finger back at Ford, it would be nice for Apple to release a fix and take care of their customers (and early adopters).
Customer loses again. Thanks Apple.
Sorry about that... I think I was reading into your post what I wanted to read, since I had already read several posts above saying exactly what I thought you were saying. Doh. (Inserts foot in mouth =D).
Well, like I said, I do understand my wording was ambiguous. Using pronouns when the subject isn't clear tends to cause misunderstandings such as these. I was typing a comment that made sense to me, and didn't bother to proofread it, because, you know...it's slashdot :)
No harm, no foul.
So, essentially you don't consider email to be basic functionality. The thing is, I do. Aside from that, why not just send it via MMS? Or is that another example of something that other phones don't have that you don't consider to be basic functionality? (In the interest of full disclosure: I'm still using the original iPhone which doesn't have MMS support.)
So what you are saying is that Apple should leave the hole allowing a PDF to do remote code execution (which no PDF reader should allow), then they should harass all users every time they download a PDF to tell them it might have the ability to own their device (since they decided to leave the huge security hole) and all this just so that people who want to jailbreak their phones don't have to plug them into a computer via USB? You were kidding, right?
He's still thinking like a windows user.
...thereby keeping it off the secondary market.
Why should you run out and buy another $300 device? Because you have reached the end of the effective life of the last $300 device you bought.
Fool me once...
Is this a bug in Apple's iPhone OS, or a bug in Microsofts ActiveSync software?
From reading the article, it sounds like that latter, and hence not something Apple is either responsible or could fix (though they could put pressure on MS to fix it).
SMS messages on the iPhone look nothing like that. They appear in a small blue dialog box. That's clearly a hacked iPhone - and, therefore, an Apple bug.
Last I checked, none of the Apple phone line up has bricking fuses built in. In fact, if you try and jailbreak a phone with the wrong software, it just doesn't work. No perma-brick, unlike some Android phones.
No fanboyism here, just pointing out an error in your reason.
Ironically, the net effect of the hack is to put people with jailbroken iPhones at risk, because they don't have the fix, and the exploit is now known. Somebody will have to reproduce Apple's patch (or jailbreak the patched OS by another method) before jailbroken iPhones will be safe.
> As for "needing to jailbreak an iPhone to enable basic functionality"? That's
> a stretch, don't you think? Just how do you define "basic functionality" of a smartphone?
Depends on your perspective now doesn't it. You see a smartphone and I see a small computer with a cell modem. Any computer I can't program and or install any third party program I want onto is defective and must be repaired or replaced.
Democrat delenda est
What about those bitches at Starbucks who got the wrong coffee.. I'd rather deal with an irate geek.
I agree as well. I was about to say Apple needs to give up on trying to stop people from jail breaking their phones, however, as previously pointed, this is a security issue and needed to be dealt with accordingly. so the side effect was that it stopped the jail breakers but i think their main concern was the exploit.
http://weboven.blogspot.com
Enabling tethering is probably my #1 reason. I don't care what AT&T's contract says; tethering is a function of the phone, not the service. I suspect this is why nobody's ever had their service terminated for tethering; AT&T knows they'd lose a court battle, and they don't want to set a precedent, let alone publicize this information.
Aside from tethering, SBSettings is quite handy (change brightness, kill tasks, enable/disable radios, etc. much faster than exiting an app and navigating to Settings).
Changing the lock screen to display useful data is nice, but I haven't found an app that does that well in iOS4.
3G Unrestrictor is great for getting full quality video over 3G and downloading apps larger than 10MB from the actual App Store. (As for why this works: They can't filter by TLD because AT&T provides land-based internet services, and filtering by IP is untenable, so they simply ask the phone if it's on 3G or WiFi).
And then there's the ability to simply copy files to the phone that jailbreaking provides.
https://www.eff.org/https-everywhere
My understanding is that the iphone (unlike other more basic phones) initially didn't allow tethering at all and now only allows it if the carrier specifically enables it.
Your understanding is incomplete. Tethering was always possible on the iPhone, but since AT+T did not want to allow it, Apple didn't include a simple way to enable it. Now that AT+T has decided that tethering is OK if you pay extra for it, Apple has included the simple enable mechanism.
Enabling no-added-cost tethering is the best reason to jailbreak an iPhone.
It was thoughtful of Apple to fix that bug for me. Too bad I already got the Cydia virus. :)
As much as I hate defending Apple,
That actually has to do with the GSM Spec. It's flash or class 0 SMS (classes defined at the bottom of that page) which is not saved. Granted Apple should not have set the phone to automatically display class 0 SMS's but it's mostly social engineering.
Class 0 SMS's have been used a lot in cyber bullying lately.
Calling someone a "hater" only means you can not rationally rebut their argument.
This is what I dont get about Apple fanboys, they claim Apple is "not like the other companies" yet they do the exact same things.
The problem with the mobile phone industry, as is so often pointed out by Apple fanboys in Android discussions is the carriers. Well I agree but Apple is doing exactly nothing to move us away from that system. The problem is vertical integration, the carriers control the hardware, software and the service. Apple in this instance has still got the hardware and software married to each other, then they are having an affair with the carrier by removing/selectively enabling features the carriers dont want.
Lambaste Google all you want about the N1, at least with Android I have the source code and as impractical as it seems I _can_ make my own phone (w/ obligatory blackjack and hookers).
Calling someone a "hater" only means you can not rationally rebut their argument.
Tethering was not always available on the Iphone, it was a feature added into the 3rd revision of the OS and could be disabled at the carriers behest.
Enabling tethering is the best reason to buy a different phone that supports the functionality outside of the carrier and doesn't restrict the applications you can install.
Calling someone a "hater" only means you can not rationally rebut their argument.
Installing non-Microsoft apps? I wouldn't call that basic.
No.. Wait... I would.
So it's like we've always said, it's Apple's way or the highway and if you want to do anything that is not "approved" like using your own mail client well your SOL. This is not a feature, dear fanboys. Imagine if MS said you can only you IE on Windows without hacking it.
BZZZZT, wrong
But thanks for playing.
Stock Android and Nokia phones on Australian telco's can use Skype or other VOIP services over 3G where as a stock Iphone cannot. Why, well because the law in Australia says I pay for the data I can use it however I like and the carrier doesn't get a say in it. The 3G restriction is phone based.
Calling someone a "hater" only means you can not rationally rebut their argument.
I think this is less of a case of "the most open platform doesn't always win" and more of a case of "the most closed platform always loses" which has plenty of historical examples (most poignantly from the now defunct Apple Computers).
There are more open platforms then Android such as Maemo. Although Android is fairly open so I suppose it's the difference between Linux and OpenBSD (don's flame resistant suit and lets loose the dogs of FOSS fanboyism).
Calling someone a "hater" only means you can not rationally rebut their argument.
It seems to me that the OP was expressing a perfectly valid opinion. The fact you disagree with it does not make it a troll.
Calling someone a "hater" only means you can not rationally rebut their argument.
Neither do any Android phones.
None here either, but pointing out a flaw in your reasoning.
BTW, I have installed custom ROM's on my Milestone which has the supposed functionality you describe. It doesn't perma-brick, you just need to restore the device to factory settings (via the boot-loader).
Calling someone a "hater" only means you can not rationally rebut their argument.
Then don't buy them, and make hardware that you want to support that provides those features. You're only supporting DRM by buying products that use it.
Are you talking about the custom ROM on a HTC Desire or Samsung Galaxy S?
I already have a dumbphone on a $7/mo plan with Virgin Mobile USA; I don't want another $60/mo phone line. Why do the devices you mention cost $600, compared to an iPod Touch that costs one-third that?
You know, the PC, the "console" with the most games available for it.
PC has the most single-player games and online games, yes. But as I've pointed out elsewhere, localhost multiplayer is underrepresented in PC games, even for players who have the required big HDTV monitor and four USB gamepads. For example, apart from Street Fighter IV and MUGEN, fighting games are console-only.
But, as I asserted, there aren't any exploits involved. "Rooting" a Nexus One can be done using vendor-supported tools in a vendor-supported manner.
No, they aren't. Sure, they aren't marketing the N1 to consumers any longer, but it's still on sale as a dev phone.
A friend of a friend is the publisher of the article, he waited a good week before submitting publicly.
The issue they've found is that an incoming sms causes all the contacts, calendar and emails get shipped off to a remote server.
Apple and Telstra has tried to keep a lid on it as much as they can, the consultant who initially found it has discovered 9 iPhones over the past week with same symptoms.
I'd like to pass something back to the guy who discovered this bug. So just a few Q's.
If its social engineering its still a concern because it falls within criteria of "security exploit". If so to what end does this help a hacker gain access? Unless you're stipulating is its just a mere prank/joke.
Class 0 SMS or not, shouldn't there be something at the application level to stop it from putting up nasties on the screen? Does pressing "dismiss" get rid of it?
I'm not that guy but I hope you dont mind if I have a go at answering them.
Yes and no. A social engineering attack is entirely dependent on the user believing it (OMG This Virus is going to shred my dog and burn my hard drive), the root cause of this is most often stupidity and unfortunately there is no known fix for stupid (well, there is education but that has mixed results).
Its a problem we face that can be exploited so it's a yes but its a problem we cant fix with a patch so also it's a no.
It can be used for jokes and pranks as it has been done in the past but now it's being used for bullying (harassment).
I agree, I dont know why class 0 SMS is still being automatically displayed/not saved, especially with the potential for abuse. Pressing "dismiss" does get rid of it, further more it does not save it (the only reason it's so good for bullying is that there is no evidence).
Calling someone a "hater" only means you can not rationally rebut their argument.
Thanks. The guy in question is fairly high up the food chain in vulnerability assessment (and works for one of the 3 big AV companies).
I can safely say everyone working in the security industry is beating their knife and fork at the dinner table waiting for Apple to screw up in this way. Not to take a shot at Apple, moreover, wanting to be the first company to be able to "save" Apple and be the front runner in SmartPhone AV.
I'm going to respond back to his email with some of the things you raised. I'll also see if he was able to track any outgoing data off the iPhone, as it stands I wouldn't be surprised if it is just a face value hack and no data is stolen but he has said contacts and emails do get sent.
For a moment i thought it could of been a strcat() exploit, using the rejoin of SMS's to smash the stack (I know a little old school but you never know).
I updated my iPhone3G(32) to 4 and that was that. Brick time. Dead as a doornail, no response from any buttons, no acknowledgement when attached by cable to iTunes on Macbook. And it happened the day my AppleCare expired. HA Ha, ulp!#$ The shine is wearing off Apple a little bit, and my fanboi status may not last as long as I do. I need my iPhone to be a good phone first then some other things later. And I need my MacBook Pro and Mac Pro to be reliable day after day. If my Mac Pro dies after Apple Care expires, I will be hard pressed to know who to buy from next.
Or just use something like Easy Root by UnstableApps.com. It roots your phone without needing adb or a computer at all. Of course, it uses an exploit to gain root priv's too :)
Ironically, an app Google pulled from Android Market.
If all else fails, immortality can always be assured by spectacular error.
Funny.. but imagine life as a sales rep or contractor. You browse some site in the morning and now your phone doesn't work. It will be 7 or 8 hours before your back to your PC and in that 7 or 8 hours none of your customers not being able to contact you.
That is serious lost revenue and not a mild inconvenience.
where exactly did he say that apple should not fix??
fair play or whatever the name of their DRM does just that ... tou can't just copy the application and run it
basic int the way that it is my phone I can do what ever the hell I want with it ... I don't need apple's blessing to do it.
for one I want to write an app for my sake don't want to sell it to anyone ... how the hell can I do that ???
other than Jb I need to pay F 100$/year to apple WHY?
I noticed that Google is cracking down on their Android OS by removing EasyRoot from the App store at Verizon's request Saturday then a bunch more Android tethering apps at T-Mobiles request this week. Then I noticed that someone else in the Android App store had introduced a Trojan that was costing Android users serious money by sending SMS messages transferring money to fake 'charities" such as the hackers bank account.
Not to be outdone the report surfaces of a slick Trojan emptying bank accounts in Europe without the users knowledge in the Windows OS.
All these holes in an OS can end up costing either the carrier serious money in lost revenue or the end user serious money in an empty bank account. I have said it before, out of all the choices one has today, at the present time Apple is the one that is least likely hurt you with their Internet connected products. They have a lot to lose when problems are detected and move as fast as possible to fix them to protect their name.
There are some who are quite vocal in their opposition to Apple but in reality they are no more than a high tech version of the scum rioting for free and subsidized housing permits who then bring crime with them if they move into your neighborhood with government assistance.
They want as much as possible in life for free and open doors for yours too.
most computer shops see that as an opportunity to do business. why wouldn't apple? When you buy a desktop the hardware is under warranty anything else is your problem and if you come back with a virus problem the shop will be glad to help for a price. if you come back for a hardware problem they'll be happy to help too but free of charge as long as it is under warranty.
Did anyone else find a bajillion grammatical errors in that article? Judging by his name, I'd assume that English is the author's primary language... that article is barely coherent.
It is the drugs my son.
This is Slashdot we're talking about. "Apple quick to patch serious security flaw and protect its users' devices, whilst incidentally breaking the most alarming jailbreak technique to date" (which I'm sure plenty of people will have sent in) doesn't generate as many clicks as "Big mean corporate giant Apple stop you from jailbreaking your device and stomp all over your freeeeeedom". Simple as that really.
Of course, anyone who knows what they're doing and does enjoy the jailbreak when it's available (like myself), can simply have the sense back up their shsh blobs through Cydia, avoid updating, and apply the community-developed security patch instead. Or if it matters that much, buy a less restricted phone.
"Enabling no-added-cost tethering is the best reason to jailbreak an iPhone."
Isn't that just another way of saying the best reason to jailbreak is so I can go out and steal a service.
Nowhere did I say whether it's an Apple restriction or not. If it's a restriction, it's a restriction - other phones I can buy on networks that don't have this restriction.
But hey, I see the pro-Apple mods are out in form, modding up straw man arguments, and modding down anyone who disagrees.
And a quick search suggests Apple do have a hand in this too.
Enabling no-added-cost tethering is the best reason to jailbreak an iPhone.
But that was my original point, anyway. The whole question of whether it was Apple's idea or AT&T's is a straw man argument made up by tooyoung.
I love how stating the bare facts is deemed by the astroturfers to be "troll" - evidently the Iphone is so bad, you don't need to make it up: even the basic specifications are assumed to be the result of trolling!
Because you can't control the close substitutes that are being sold either. For example, all three major video game consoles are like iPhones
Don't change the subject because you were wrong.
You are correct that I was wrong that the video game consoles are like iPhones. They don't have a cellular radio. Please allow me to rephrase my original comment more accurately:
Because you can't control the close substitutes that are being sold either. For example, all three major video game consoles are like iPod Touch products.
A HTC Desire costs A$600 whilst an Ipod touch costs A$400
In the United States, an unlocked HTC Desire costs 500 to 600 USD while an iPod Touch costs 200 USD.
You've heard of a Lan party right.
For a LAN party to work, each player has to own his own PC. A lot of families still have fewer PCs than people, and if one member of the household has dismantled the PC and taken it to a LAN party, another member of the household cannot use it to pay bills or go on Facebook until the first person has returned. And I don't see how one would carry a desktop PC from home to the site of the party on a bicycle.
Different games have different audiences, so your point being?
Say a company too small for a console license wants to develop a game for a console audience. What should the company do to prevent the universal customer reaction from being "Nice game you got there; too bad it's only for the PC."
Can I plug my Street Fighter II cartridge into my Wii?
Super Street Fighter II is in Virtual Console. If you're talking specifically about not rebuying, then there's a cartridge reader for the PC, but one would still run into the screen size problem.
I have been corrected on that point - stock iPhones now can use VoIP on 3G now. It was carrier based in the US, just like tethering (which my stock UK iPhone does just fine), and unlocking, which my UK carrier will do for me but still can't be done in the states. I just hadn't checked the changes in VoIP because my plan means I just don't need it.
You are attempting to equate the phone with a standard Windows PC, which is a bit disingenuous - it's more accurate to compare it to a games console. Sure, some PS3s can install Linux, but I would hardly call that a basic function of the device (for 95% of the target audience). You can't use PS3 games on an Xbox 360, which I'm sure is not a feature.
If you want an Apple platform that is not set up this way (and sold and promoted to work this way) then that's what the Apple Mac is for, where you can install anything you like (assuming you have appropriate software first - eg, if you want to run windows software you'll need an emulator or a copy of Windows itself).
What's with all the hostility and attempted sarcasm? I'm not trying to personally wound people who don't agree. It just makes your arguments look childish.
Because you just can't do that, and you know that ahead of time. It's not something the iPhone does.
If you buy a two door car do you also complain that it's missing the "basic functionality" of being able to get people into the back through the rear doors, which it doesn't have, without hacking the car to fit some? You knew when you bought it that it didn't have rear doors, and my car or a car you already own has them, so why doesn't this one?!!
If you want to write an app for your smartphone that is just for you, then you should look for a smartphone that has that capability - phones that run Android fit that market.
Sounded reasonable to me. Guy saw a story about an Android getting hacked. Of course, you previous post did state that it was all the users' fault for installing the apps. Good point, a secure platform should let anything be installed. Yup.
Vote monkeys into Congress. They are cheaper and more trustworthy.
I would love to know what these people were basing their lawsuits on. "Loss of daily laughter"? "Crippling emotional loss"? "Lack of any social life"? The author should have told them to "bring it on" and then counter-sue for his waste of time. Probably could pay his hosting costs for a few years.
Makes me wonder if these people threaten lawsuits against the USPS if their mail is late one day...
Vote monkeys into Congress. They are cheaper and more trustworthy.
Which is why I always have a non-smart phone with me all the time. Can't hack a phone that is only a phone (well, over a network, anyway).
People like the shiny and fancy, and at the same time forget that a basic tool can still get the job done, normally with less risk. As geeky as I want to be, I'm more risk adverse.
Vote monkeys into Congress. They are cheaper and more trustworthy.
"There is a jailbreak application that prompts the user before downloading any PDF via the Safari browser, meaning that you have to allow the browser to download any exploit."
I, at least, read this as saying that instead of fixing the problem the jailbreak application that he would prefer Apple mimic, simply prompts a user every time they download a PDF so they have to allow the browser to "download the exploit." That means that the exploit is still in the PDF being downloaded, its just that a website can't secretly send you to a PDF when you think you are getting a webpage.
Oh, and the point of all this being that the OP wants to be able to jailbreak his phone through his browser even though any method of making changes to the OS via a webpage represents a serious security hole in the browser.
I have found a few reasons for jailbreaking - and I used Jailbreakme to break it. The first is backgrounding Apps. Apple, in their "brilliance", decided to limit this to just the iPhone 3GS and the iPhone 4. I can now run Pandora in background on my iPhone 3G. Second are things that add or compete with Apple apps. Being able to download files in Safari is a huge thing. So are running ports of VLC that allow me to play files other than in the crazy resolution and .h264 that Apple requires - i can now play MPEGs as well as a few other formats. Another app I have lets me download youtube videos. Sure, I can fire up my PC, use firefox and flashgot, pull the videos, run them MediaCoder or Adobe Meida Encoder, import them into iTunes then sync my iPhone, but this is way more convienent.
This is pretty much exactly why I got away from the iPhone. I can do all of that out of the box on my Captivate. I enabled "Multitasking" on my 3G and was painfully disappointed by the performance hit. I completely understand why Apple chose to leave "Multitasking" out of the question on the 3G. In my opinion, I seriously can't see how Apple can keep up with the pace of Android. I guess there is that "emotional attachment" they can rely on, though.
Good point, a secure platform should let anything be installed. Yup.
code, or even use software much?
there's plenty of legit reasons to install non-market apps. there are also plenty of legit reason fo apps to request access to read your contacts and send SMS messages etc. so tell me, how does this secure platofrm you are dreaming inspect the app developer to determine if they have good intentions?
ever used any of the 3 major desktop operating systems? all of them allow apps to request "root" access. all three of them leave it up to the user to make a decision
for me that means if you jailbroke your phone there is a temp fix if you don't want to update. (by the way there is a fix on cydia as of yesterday a true fix not somthing that prompts. And it works). In no way that implies "why tf did apple fix the issue?!!!?!?!"
My point was Basic or Advanced features set a side the damn thing is mine and I should be able to do what ever I want with it with or without apples blessing. If they don't provide a reasonable official way to do it then I have carte blanche to do what ever it takes to achieve that. ... if I buy a tow door car and want a third I can HACK it to add an other door the manufacturer of the car has nothing to say and can't possibly sue me for doing that.
And let me rais you one: if you but a car and the manufacturer tells you sorry man you can only use a TOMTOM GPS device in our car.
.. I lost my other (dumb) phone and It was a gift. I would never had bought it on my own given that I know what I know now, b/c I didn't know anything about it or any smart phone for that matter before this. For me a phone is a phone ".".
Until just few weeks ago jailbraking wasn't legal (nor illegal) in the US. Here in canada it's still not explicitly legal (even the new bill stats explicitly that unlocking phones would be legal but nothing on jailbraking and since there are TPMs involved then it will most probabaly be illegal). to take on your CAR analogy
Before you get to "so why did you buy it?" I didn't buy my iphone
I don't hate apple nor do I "love" them. I own a macbook pro and it's wonderful - a bit over priced but it's well worth the trouble- and it doesn't have the "non"limitation the iphone has.)
The car analogy you gave is beside the point. If you buy a car and want to mod it you can buy what ever part you want from any one you want. I don't see Mazda forcing people to buy MazdaSpeed parts (if the part is deemed safe by whatever authorities in place it can be manufactured and sold by anyone to anyone willing to buy it).
(sorry hit the submit button too soon by accident)
The car analogy you gave is beside the point. If you buy a car and want to mod it you can buy what ever part you want from any one you want. I don't see Mazda forcing people to buy MazdaSpeed or Mazda approved parts (if the part is deemed safe by whatever authorities in place -not Mazda- it can be manufactured and sold by anyone to anyone willing to buy it). And if it did the gov would be breathing down it's neck for Monopoly issues and people would be suing.
So, sell the iPhone, or return it to the store and exchange it for a different one that does do what you want, even if it was a gift - you can return it and get out of any phone contract you're in.
Of course you can hack a car and add a third door, just like you can with the iPhone. However, don;t expect the warranty to be valid on the phone or the car after you do this unsupported thing (that you are within your rights to do in both cases), however, the lack of back doors on the car and the lack of 3rd party installation ability on the phone does not mean that the phone or car is "lacking basic features" since they were never on the thing in the first place - lots of objects lack "basic" features that other objects have. Back doors on 2 door cars, third party installs on smartphones, cordless jugs on electric kettles, number pads on small bluetooth keyboards, eraser on the back end of a pencil....
If you truly were given your iPhone and you quickly realised that in the first month it didn't do what you needed and you're on a contract, then you are unfortunate, but hey - it was a gift. If it was on pay as you go, just sell it and use the proceeds to get a new phone.
No, but if you have a warranty with Mazda and you install parts yourself, or from a non-authorised repair place, you will void your warranty.
Other than that, Mazda don;t care what you do with your car. They just won't support you if you "go off the Mazda-approved path".
Much like a smartphone.
who's asking for support?? I'm not saying that mazada should offer your warranty after that, the point is that mazda is not impeding on your ability to do so! Apple is not letting people do that (unless you jailbrake).
as I said "basic or advanced" feature set aside! Advanced or basic is a mater of personal taste. the phone is mine and I should be able to do what ever I want with it.
and no you can't just walk out of contract (it costs like 300$)
I never mentioned warranty to begin with, and I'm not expecting apple to honor it after I jailbrak my phone (which I DID)!
How are Apple stopping you?
You have to modify your phone to be able to do this stuff, just like you have to modify your car if you want to install doors, or install a different engine or something not originally designed for the car that may require different mountings, or hose adapters, or changing the ECU (which is a proprietary nightmare on some cars).
You can leave any contract before 30 days at no penalty. You have consumer rights.
Since you don't need root access for standard tethering (i.e. EasyTether, using a phone as a 3G modem over USB or bluetooth) and since it uses standard Android APIs, I'm not sure that disabling tethering on Android is possible. In fact I'm using it now on my Droid to send this.
I assume you can use EasyTether even on AT&T's droid phones.
Support SETI@home
Blame slashdot for that misinformation. I was under the impression that if you flashed a Milestone with an unsigned ROM, you blew a microfuse and that was that.
(Either way, both our phones are more locked up than a WinMobile 6.5 phone.)
is it legal? in US may be (but hey since whene??) in canada ... no !
I see your point in my poor definition of what I perceive as the potential problem. The point I was trying to make was unauthorized access to data, where the user does not even know the data is being accessed. Before you get yippity again, if there is no 3rd party overview of app software, how do you know that that app is not going to steal all of your data and send it back somewhere?
This was not a code issue, nor an app asking for access issue. It was an issue about non-authorized, non-asking access to data. [I could make some snarky remark asking you if you ever installed LimeWire (or whatever) and had your computer compromised.]
Vote monkeys into Congress. They are cheaper and more trustworthy.